From: Daira Hopwood Date: Tue, 6 Jan 2015 18:10:41 +0000 (+0000) Subject: Simplify key checking code by inlining _allowedKey and _correctSignature. refs #1141 X-Git-Tag: allmydata-tahoe-1.10.1a1~89 X-Git-Url: https://git.rkrishnan.org/?a=commitdiff_plain;h=6c756ba3e9f32804802ce1a0c0835db5483f3ad2;p=tahoe-lafs%2Ftahoe-lafs.git Simplify key checking code by inlining _allowedKey and _correctSignature. refs #1141 Signed-off-by: Daira Hopwood --- diff --git a/src/allmydata/frontends/auth.py b/src/allmydata/frontends/auth.py index bba6d64b..4a874d8d 100644 --- a/src/allmydata/frontends/auth.py +++ b/src/allmydata/frontends/auth.py @@ -82,25 +82,6 @@ class AccountFileChecker: d.addCallback(self._cbPasswordMatch, str(creds.username)) return d - def _allowedKey(self, creds): - """ - Determine whether the public key indicated by the given credentials is - one allowed to authenticate the username in those credentials. - - Returns True if so, False otherwise. - """ - return creds.blob == self.pubkeys.get(creds.username) - - def _correctSignature(self, creds): - """ - Determine whether the signature in the given credentials is the correct - signature for the data in those credentials. - - Returns True if so, False otherwise. - """ - key = keys.Key.fromString(creds.blob) - return key.verify(creds.signature, creds.sigData) - def _checkKey(self, creds): """ Determine whether some key-based credentials correctly authenticates a @@ -109,11 +90,19 @@ class AccountFileChecker: Returns a Deferred that fires with the username if so or with an UnauthorizedLogin failure otherwise. """ - if self._allowedKey(creds): + + # Is the public key indicated by the given credentials allowed to + # authenticate the username in those credentials? + if creds.blob == self.pubkeys.get(creds.username): if creds.signature is None: return defer.fail(conch_error.ValidPublicKey()) - if self._correctSignature(creds): + + # Is the signature in the given credentials the correct + # signature for the data in those credentials? + key = keys.Key.fromString(creds.blob) + if key.verify(creds.signature, creds.sigData): return defer.succeed(self._avatarId(creds.username)) + return defer.fail(error.UnauthorizedLogin()) class AccountURLChecker: